Asterisk and Checkpoint NG

It’s a Checkpoint-related question, but maybe there’s someone who could help me here.

The setup:
[ul]Checkpoint NG Firewall with three active interfaces (Intranet, Internet, DMZ).[/ul][ul]Asterisk PBX in the DMZ[/ul][ul]SIP-Phone in the Intranet[/ul][ul]There is neither NAT from the Intranet to the DMZ nor from the DMZ to the Internet[/ul]

The firewall-rule (for testing purposes only! :wink:):
First rule of the Ruleset says that ANY traffic from the SIP-Phone to the Asterisk PBX is allowed.

The problem:
While monitoring the traffic for this rule, you can see the packets coming in from the Intranet-Interface and then nothing happens. Means: You don’t see them being dropped or rejected. They just seem to vanish. :smile:

My questions:
Any idea what could be the Problem? Could that be a issue with checkpoint’s smartdefense filters?

Does anyone of you have an Asterisk PBX running behind a Checkpoint NG Firewall? If yes: Could you tell me if you configured anything special on those Rule-Objects or anywhere else on the Firewall to make SIP work?

I can’t change anything on the setup. The Asterisk PBX has to be in the DMZ I’m not allowed to move it to the side of the Internet-Interface or inside the Intranet. So, thank you for not telling me to move the server. :wink: